Krebs on Security

In-depth security news and investigation

Reports: Liberty Reserve Founder Arrested, Site Shuttered

The founder of Liberty Reserve, a digital currency that has evolved as perhaps the most popular form of payment in the cybercrime underground, was reportedly arrested in Spain this week on suspicion of money laundering. News of the law enforcement action may help explain an ongoing three-day outage at libertyreserve.com: On Friday, the domain registration records for that site and for several other digital currency exchanges began pointing to Shadowserver.org, a volunteer organization dedicated to combating global computer crime.

According to separate reports in The Tico Times and La Nacion, two Costa Rican daily newspapers, police in Spain arrested Arthur Budovsky Belanchuk, 39, as part of a money laundering investigation jointly run by authorities in New York and Costa Rica.

Update, May 28, 9:11 a.m. ET: Libertyreserve.com is now resolving again, but its homepage has been replaced by a notice saying “THIS DOMAIN NAME HAS BEEN SEIZED,” and features badges from the U.S. Treasury Dept., U.S. Secret Service, and the DHS.

Original story:

The papers cited Costa Rican prosecutor José Pablo González saying that Budovsky, a Costa Rican citizen of Ukrainian origin, has been under investigation since 2011 for money laundering using Liberty Reserve, a company he created in Costa Rica. “Local investigations began after a request from a prosecutor’s office in New York,” Tico Times reporter L. Arias wrote. “On Friday, San José prosecutors conducted raids in Budovsky’s house and offices in Escazú, Santa Ana, southwest of San José, and in the province of Heredia, north of the capital. Budovsky’s businesses in Costa Rica apparently were financed by using money from child pornography websites and drug trafficking.”

For those Spanish-speaking readers out there, González can be seen announcing the raids in a news conference documented in this youtube.com video (the English subtitles option does a decent job of translation as well).

Liberty Reserve is a largely unregulated money transfer business that allows customers to open accounts using little more than a valid email address, and this relative anonymity has attracted a huge number of customers from underground economies, particularly cybercrime.

In a now 10-page thread on this crime forum, many members are facing steep losses.

The trouble started on Thursday, when libertyreserve.com inexplicably went offline. The outage set off increasingly anxious discussions on several major cybercrime forums online, as many that work and ply their trade in malicious software and banking fraud found themselves unable to access their funds. For example, a bulletproof hosting provider on Darkode.com known as “off-sho.re” (a hacker profiled in this blog last week) said he stood to lose $25,000, and that the Liberty Reserve shutdown “could be the most massive ownage in the history of e-currency.”

That concern turned to dread for some after it became apparent that this was no ordinary outage. On Friday, the domain name servers for Libertyreserve.com were changed and pointed to ns1.sinkhole.shadowserver.org and ns2.sinkhole.shadowserver.org. Shadowserver is an all-volunteer nonprofit organization that works to help Internet service providers and hosting firms eradicate malware infections and botnets located on their servers.

In computer security lexicon, a sinkhole is basically a way of redirecting malicious Internet traffic so that it can be captured and analyzed by experts and/or law enforcement officials. In its 2011 takedown of the Coreflood botnet, for example, the U.S. Justice Department relied on sinkholes maintained by the nonprofit Internet Systems Consortium (ISC). Sinkholes are most often used to seize control of botnets, by interrupting the DNS names the botnet is programmed to use. Ironically, as of this writing Shadowserver.org is not resolving, possibly because the Web site is under a botnet attack (hackers from at least one forum threatened to attack Shadowserver.org in retaliation for losing access to their funds).
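The nameserver change described above is something a defender can detect from passive DNS history. The following is an added example, not part of the original article: it flags the first day a domain's delegation moves entirely to sinkhole nameservers. The observation data, the `example-hosting.test` and `lookalike.example` names, and the function names are constructed for illustration; only the shadowserver.org nameserver names come from the article.

```python
from datetime import date

# Assumption: suffixes a defender treats as sinkhole infrastructure.
# Only this Shadowserver name is from the article; maintain your own list.
SINKHOLE_NS_SUFFIXES = ("sinkhole.shadowserver.org",)

def normalize(host):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return host.strip().rstrip(".").lower()

def is_sinkhole_ns(host, suffixes=SINKHOLE_NS_SUFFIXES):
    """True only if host equals a suffix or sits under it at a label boundary."""
    h = normalize(host)
    return any(h == s or h.endswith("." + s) for s in suffixes)

def sinkhole_transitions(observations):
    """Return (domain, day) for each first day a domain's NS set is fully sinkholed.

    observations: iterable of (day, domain, [nameserver hosts]) in any order.
    """
    rows = sorted(((normalize(dom), day, ns) for day, dom, ns in observations),
                  key=lambda r: (r[0], r[1]))
    previously_sinkholed = {}
    events = []
    for domain, day, ns_set in rows:
        sinkholed = bool(ns_set) and all(is_sinkhole_ns(n) for n in ns_set)
        if sinkholed and not previously_sinkholed.get(domain, False):
            events.append((domain, day))
        previously_sinkholed[domain] = sinkholed
    return events

# Constructed passive-DNS observations. May 24, 2013 is the Friday in the article;
# the pre-change nameservers are placeholders, not the real ones.
SINKHOLE = ["ns1.sinkhole.shadowserver.org.", "NS2.sinkhole.shadowserver.org"]
SAMPLE = [
    (date(2013, 5, 25), "libertyreserve.com", SINKHOLE),
    (date(2013, 5, 24), "LibertyReserve.com.", SINKHOLE),
    (date(2013, 5, 23), "libertyreserve.com",
     ["ns1.example-hosting.test", "ns2.example-hosting.test"]),
    # Lookalike host that merely contains the sinkhole name must not match.
    (date(2013, 5, 24), "lookalike.example",
     ["ns1.sinkhole.shadowserver.org.example.test"]),
]

if __name__ == "__main__":
    for domain, day in sinkhole_transitions(SAMPLE):
        print(f"{day.isoformat()} {domain} delegated to sinkhole nameservers")
```

Matching on a label boundary rather than a plain substring is what keeps the lookalike host from being reported as a takedown.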

Reached via Twitter, a representative from Shadowserver declined to comment on the outage or about Liberty Reserve, saying “We are not able to provide public comment at this time.” I could find no official statement from the U.S. Justice Department on this matter either.

Assuming the reports at The Tico Times and La Nacion are accurate, this would not be the first time Mr. Budovsky has attracted attention from authorities for money laundering. According to the Justice Department, on July 27, 2006, Arthur Budovsky and a man named Vladimir Kats were indicted by the state of New York on charges of operating an illegal money transmittal business, GoldAge Inc., from their Brooklyn apartments. From a Justice Department account of that case:

“The defendants had transmitted at least $30 million to digital currency accounts worldwide since beginning operations in 2002. The digital currency exchanger, GoldAge, received and transmitted $4 million between January 1, 2006, and June 30, 2006, as part of the money laundering scheme. Customers opened online GoldAge accounts with limited documentation of identity, then GoldAge purchased digital gold currency through those accounts; the defendants’ fees sometimes exceeded $100,000. Customers could choose their method of payment to GoldAge: wire remittances, cash deposits, postal money orders, or checks. Finally, the customers could withdraw the money by requesting wire transfers to accounts anywhere in the world or by having checks sent to any identified individual.”

From the U.S. government’s description, Liberty Reserve sounds virtually indistinguishable from GoldAge, except for having been based in Costa Rica. If Liberty Reserve stays offline, this could cause a major upheaval in the cybercrime economy. I will be following this case closely, and would expect to hear more about this apparently coordinated takedown following the Memorial Day holiday in the U.S. on Monday.

For now, however, many in the underground would rather believe almost any other explanation than a law enforcement takedown. The administrator of cybercrime forum Carder.pro, for example, has been telling forum members that the entire incident is the work of professional hackers working for Liberty Reserve’s competitors.

Update, May 26, 10:45 p.m. ET: A competitor to Liberty Reserve, a virtual currency called Perfect Money, on Saturday posted a note to its site saying it would no longer accept new registrations from individuals or companies based in the United States. “We bring to your attention that due to changes in our policy we forbid new registrations from individuals or companies based in the United States of America. This includes US citizens residing overseas,” the company wrote. “If you fall under the above mentioned category or a US resident, please do not register an account with us. We apologize for any inconvenience caused.”

Update, May 28, 1:26 p.m., ET: I just filed a follow-up story which confirms that libertyreserve.com and other exchangers were seized by the U.S. government. The story also examines the impact of this law enforcement action on other digital currencies, including Bitcoin.

This entry was posted on Saturday, May 25th, 2013 at 4:16 pm and is filed under A Little Sunshine.

416 comments

Informed that the management liberty reserve will be transferred to the new website above for some reason and can not be avoided to the user. He said Arthur Budovsky, to avoid any law we will be responsible for transferring all the latest updates of information for millions of users worldwide use our new website properly. Party development webmaster liberty reserve said Allan Garcia, he will develop the new website for our loyal users. This is due to the behavior of some users have complained is not responsible for us. Therefore, please be sure and pass this information to all users worldwide. We will inform the our new website named “Wrepay.com” will be completed in June.

I did not use Liberty Reserve’s services myself, but do see this as being a valid service. With US Government doing so much spying on its citizens and warrantless search and seizures, I would rather not have my bank account information held inside a USA bank. I would rather not have the USA and its corporations building profiles of my financial transactions… This information can be used with malicious intent as well by people inside the banking system in creative ways. If you look into the recent Cyprus Government seizure of funds from its own citizens’ bank accounts, this brings about huge scares to trust the government controlled banking industries! Cyprus may be just an oddity, or it may just be the framework of future banking

The ultimate effect of any legal enforcement shall only be maintaining every individual exercising his activities within law limits. So, curtailing one’s illegal activity should ensure other’s legal limits not affected. If there is no ground in the past to blame thousands of LR customers have crossed legal limit how their rights could be refused now? Surely, until its closure the systematic operation of LR was as same as other systems and only as accused by law some mischieving elements used it as a mobile communication being used.
Among all transaction there would be so many good and welfare things also, whether they can be branded as cybercrime? The enforcement system should be able to distinguish all and exercise its powers in suitable way. Please every body should realise that any suffering experienced by legitimate users of this system will tomorrow effect on society as there is a popular proverb HISTORY REPEATS ITSELF.

so out of all this thread. the only 2 job professions i read people used LR for transactions is Forex Trading, and someone selling pre-paid debit cards?

I mean honestly? They sound like scams run by hackers. Sorry. Maybe I’m an ignorant American. But it sounds ridiculous to me anyone is making a living doing that kind of work.

And I can understand the argument that LR is cheaper than paypal, but I can’t understand how it’s less secure? or how money gets frozen too much?

But ya i guess when all you’re doing is business with other hackers with stolen accounts that happens a lot…lol IMO, for an honest person like me that would make paypal actually safer, not the other way around.

And i’m starting to get very angry when i hear about you people complaining you don’t have healthcare. When the US ranks 32nd in the world and the only 1st world nation with no universal healthcare. Lots of Americans have no healthcare been struggling to keep work since the Great Recession of 2008. 10% unemployment on avg for the past 4 years and thats only who they count as still active.

Major corporations are shipping all the jobs overseas to your countries….and then you have the nerve to tell us the only way for you to feed your family is to use the internet for shady dealings, which usually means an American ending up with the short end?

It’s only gonna get worse for anonymous internet nerds in the future. This is just the beginning of the information age. It’s ironic how so many think hackers are needed to keep governments honest….but they don’t realize they are going to get more transparent too themselves…. Time to clean up.

And like most pathological liars even when caught red handed they will deny it and claim they are doing good.

“And I can understand the argument that LR is cheaper than paypal, but I can’t understand how it’s less secure? or how money gets frozen too much?”

Actually I’ve known two self-employed contractors that tried taking paypal over the years who had their accounts (and balances) inexplicably frozen for a few months. Paypal seemed pretty disinterested and I wouldn’t be surprised if they have an even worse reputation abroad. I for one, when I was considering it and used to be self-employed, judged PayPal to be too risky to hold funds in (and too expensive to process credit cards) – I took checks instead with their shortcomings.

—

I thought it was a neat leap when I saw LR was shut down. Aside from bitcoins I’ve always been amazed how people can sell things like exploit code and get away with it because of the money transfers. On the other hand, though … contrasting HSBC getting barely a slap on the wrist the actions taken against LR are at least interesting. I wish I could see what would have happened were LR properly licensed in Costa Rica. If LR were on the up and up the disparity of punishment would have been tough to explain

Informed that the management liberty reserve will be transferred to the new website above for some reason and can not be avoided to the user. He said Arthur Budovsky, to avoid any law we will be responsible for transferring all the latest updates of information for millions of users worldwide use our new website properly. Party development webmaster liberty reserve said Allan Garcia, he will develop the new website for our loyal users. This is due to the behavior of some users have complained is not responsible for us. Therefore, please be sure and pass this information to all users worldwide. We will inform the our new website named “Robert” will be completed in June. meet me allenrolbert@gmail.com

Our discussions must be able to create consensus about an important point that though the closure of LR site inevitable according to the reports filed regarding mishandling of funds, behind the scene are real, honest depositors patiently waiting to process their money back. Already if the govt knows this fact but took offensive action as conviction of cybercriminals is need of the hour, then it should gradually try to resume the situation positive to legal depositors who are at any time ready to cooperate with law. By Legal customers I mean only those senders and receivers of the money through LR which has been ever used for their legal business and personal needs not spent for any activity prevented by law even for a single attempt. I wish our discussions shall be helpful to arrive at conscientious reasoning which sacks illegal elements at the same time encourages loyal contributions. If the govt machinery does not care this side of the situation, and thinks LR is only a site for cybercrimes it must be proved to it.


The system of register of new website for business purpose, especially collecting FUND from public/member is not control by any government or any internet LEGAL PARTIES.
100 of lies display in private website to collect money. After collected money, they don’t send a single message to customer.
What culture,business law do their GOVERNMENT proceed.
EMPTY PROMISES in written form to cheat the whole WORLD.

Eager to make extra money and to cover lifestyle serve Internet business part time money making plan, little investment, return 200% or more. Good. Good people by helping more people will gain more profit. Liberty Reserve only the best e-currency. Instant transfer.
When a business website design by a group of business people to market their product , approved by whom?
CYBER CRIME

No matter what went wrong with Liberty Reserve and the Director, COLLECTING FUND FROM INTERNET USER WITH TERM AND CONDITION and NOT PAYING BACK TO USER IS BUSINESS CRIME.
I WANT MY MONEY BACK L.R.usd $1200 exchange paypal $ 2200.00

I run a fund management forex trading package, all my investors use liberty Reserve because of little insignificant charges for deposit and withdrawal. the bank charges is astronomically high and get delayed in deposit and withdrawal from brokers. Liberty reserve is instant and fast without charges. They all have thousands of $$$ loaded in their LR. Please i need their money back as they are all on my neck. The us govt should devise means of identifying legit user and get our funds remitted.


Users from LR are not only outraged that they have lost almost every cent, but I am sure in the next couple of weeks everything will be back to normal. Stupidity from the U.S. Government has caused an increase in cyber crime because of those who need to get their money back. Taking down LR was the least of the government’s worries… They have unleashed mayhem on a global scale….

Please i need my money. i have some money in my libertyreserve account and am still expecting some payment into my liberty account. pls am calling on the authorities involve to pls handle this matter very well because a lot of people are making use of libertyreserve. pls alots of money is involve here. pls make them to pay everyone who have money in his account so that our labours of getting those money will not be in vain. thank.